Current HSTS set not displaying visited sites

Asked Jun 28 '17 at 15:34

Active Jun 28 '17 at 19:39

Viewed 171 times

I'm using chrome://net-internals/#hsts to do HSTS testing.

I tried to query a domain that has HST preloaded (facebook.com), and got the expected results:

Found: static_sts_domain: facebook.com

However, I tried the following steps with a domain that is not preloaded (live.com)

Go to http://live.com (I then get redirected to https://live.com)
Query live.com domain for HSTS (using chrome://net-internals/#hsts) Results: Not found
Go to https://live.com (directly typing HTTPS to avoid being redirected)
Query live.com domain for HSTS (using chrome://net-internals/#hsts) Results: Found: dynamic_sts_domain: live.com

I don't understand why my query at step 2 didn't find anything. I got redirected, but I ultimately visited https://live.com and received a response that contained an HSTS header Strict-Transport-Security:max-age=63072000;includeSubDomains.

edited Jun 28 '17 at 19:39

Bob Ortiz

6,665
11
50
96

asked Jun 28 '17 at 15:34

user152086

see: https://superuser.com/a/1235540/60046 – Matt V. Oct 20 '17 at 01:21

Current HSTS set not displaying visited sites

0 Answers0